By offering a million dollar reward for found vulnerabilities in the browser, Chrome, Google has got what she wanted. Within five minutes after the Pwn2Own hacking competition French team Vupen Securitywas able to carry out the exploit two vulnerabilities Chrome and fully hack the browser . Thus, the team made a serious bid to win throughout the contest. This case also demonstrates that the Chrome sandbox is not a panacea against all attacks.
According to new rules Pwn2Own , a successful demonstration of the exploit no longer guarantee victory in the general competition, the result of the competition will be calculated on points. For 0day vulnerabilities member receives 32 points. Additionally, 10, 9, or 8 points credited for writing the exploit one of the two vulnerabilities, which will be announced before the competition. The number of points depends on what day of the contest the exploit was presented. The competition is held in Vancouver from 7 to 9 March, three winners will receive cash prizes of $ 60 thousand, $ 30 thousand and $ 15 thousand, respectively.
In parallel with the Pwn2Own contest organized by a separate Pwnium , in which Google has itself paid compensation of $ 60 thousand for the discovered vulnerability. Just an hour before the Pwn2Own, distinguished renowned expert on security Sergei Glazunov , on account of which more than a dozen bugs were found in Chrome and other products of Google. Usually he gets for them, the standard payment of $ 1,000 to $ 3,000, but this time the Russian student owes much more – sixty thousand dollars. Well, a good increase in their stipends.
It is reported that Sergei Glazunov was able to make a successful exploit, using two new vulnerabilities in Chrome, which will soon be closed through the auto update.